Author: Jonas Nick 2022-07-08 15:53:06
Published on: 2022-07-08T15:53:06+00:00
The concept of half-aggregation has been discussed on multiple occasions in various contexts. To facilitate further discussion, a BIP draft now provides a concrete specification of the scheme and a place for supplementary information such as references to cryptographic security proofs. The BIP draft can be accessed at https://github.com/ElementsProject/cross-input-aggregation/blob/master/half-aggregation.mediawiki. Like BIP-340, this draft only specifies the cryptographic scheme and does not prescribe specific applications. It does, however, have a new feature called "incremental aggregation" that allows additional BIP-340 signatures to be aggregated into an existing half-aggregate signature. While BIP-340 has a pseudocode specification and a reference implementation in Python, this BIP draft has a formal specification written in hacspec, with auxiliary pseudocode. The formal specification provides a mathematically precise description of the scheme, which could pave the way for computer-aided formal proofs. Because hacspec's syntax is a subset of Rust's syntax, the specification can be compiled, executed, and tested with the standard Rust toolchain. The specified scheme has not yet received an extensive security review, although Elliott Jin and Tim Ruffing have already reviewed it. A blog post providing a broader context for half-aggregation and BIP-340 can be found at https://blog.blockstream.com/half-aggregation-of-bip-340-signatures/.
Updated on: 2023-05-22T20:38:30.978459+00:00